You can report bug and security issues here:
Note that something like permissions settings which may be difficult to understand would not be considered a bug unless it's plainly a bug.
"You are configured to allow search bots to index your forum. Do you want to do this? Y/N"
Most people are going to have a mix of forums they will want to configure forums for bot access. Let me give you an example of one configuration I had,
Private admin/moderator forums >> No bot access obviously.
On topic forums >> Access for bots
Off topic forums >> I didn't want them indexed, no access for bots. However they were fully accessible to guests and at the time I was running Google ads so I created additional group for ad bot to give it access.
Private forum behind login where only members from open group had access >> Same as above with the ad bot.**** Note that someone could access this forum by spoofing UA so you wouldn't do this if you needed it completely private.
Last but not least I have another group that gives bots and guests access to files only. e.g. someone posts image in a private forum and then links to it in public forum they can view it. Once again this type of configuration is not something you would do if you wanted to keep it completely private.
phpBB permissions can be difficult to understand and there has been complaints even before the official release of 3.0.0 in 2007. They are basically configured the same since. I don't know if there is better way to handle them that can maintain the flexibility they have.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”
Attributed - Thomas Edison